Lucene search
HistoryAug 01, 2023 - 2:15 p.m.
CVE-2022-39986
raspap
command injection
vulnerability
unauthenticated
execute arbitrary commands
ajax
openvpn
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.881 High
EPSS
Percentile
98.7%
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Affected configurations
Node
raspapraspapRange2.8.0–2.8.7
Related
prion
prion
Command injection
2023-08-01 14:15:00
osv
osv
RaspAP Command Injection vulnerability
2023-08-01 15:30:30
CVE-2022-39986
2023-08-01 14:15:09
github
github
RaspAP Command Injection vulnerability
2023-08-01 15:30:30
cve
cve
CVE-2022-39986
2023-08-01 14:15:09
cvelist
cvelist
CVE-2022-39986
2023-08-01 00:00:00
veracode
veracode
Command Injection
2023-08-03 03:20:29
zdt
zdt
RaspAP 2.8.7 Unauthenticated Command Injection Exploit
2023-08-15 00:00:00
nuclei
nuclei
RaspAP 2.8.7 - Unauthenticated Command Injection
2023-08-18 10:31:22
githubexploit
githubexploit
Exploit for Command Injection in Raspap
2023-08-16 11:32:26
packetstorm
packetstorm
RaspAP 2.8.7 Unauthenticated Command Injection
2023-08-15 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-08-18 17:22:46
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.881 High
EPSS
Percentile
98.7%
Related for NVD:CVE-2022-39986